By Antony Cook, Regional Vice President and Chief Legal Counsel, Microsoft Asia
Online attacks are becoming increasingly sophisticated and complex to the point that cyberattacks have become the biggest risk to businesses today. Research shows that the world’s companies could incur costs of up to US$5.2 trillion over the next five years due to cybercrime. That is a staggering figure when you think about it. In comparison physical theft, like shoplifting and organized crime cost the world’s retailers about US$100 billion in 2017.
Common threats detected every day range from worms and ransomware to critical attacks like the compromise of industrial control systems and hijacking of infrastructure, such as the famous attack on Ukraine’s power grid in 2016.
Traditional approaches to cyber defense rely on recognizing signatures of known threats. This can be repetitive as it requires going through large amounts of data to identify unusual activities. In order to keep pace with the increasing complexity of cybercrime, advanced AI tools are becoming a necessity.
Every new IoT device provides a new attack surface. It’s estimated there are already more IoT devices than mobile phones. Companies like Microsoft have to block trillions of potential attacks a year. AI is the only way to keep up with the scale of the problem.
The emergence of AI has presented us with an incredibly powerful tool to detect, manage and respond to threats. Although it is important for companies to have their own security measures built into their systems, AI provides an additional boost to defense strategies.
AI learns a unique pattern for each user and network that it safeguards. This means that even slightly unusual behavior that may indicate an attack can be detected. Companies can use their existing data to develop AI algorithms to identify new cyberthreats.
Protecting your customer is key
Despite the advances in technological defenses, what’s really most important is that we focus on the human part of the cybersecurity equation, and always ensure that trust and privacy are the priority. As I’ve said before, people want to know that organizations respect them and are transparent about their actions. It’s important that the benefits of technology are available to all, and not an elite few.
Because AI leverages massive amounts of personal data as part of threat assessment, there are also many concerns with regards to privacy.
Machine learning models are vulnerable to theft and reverse-engineering. Studies have shown that it’s not difficult for an AI to analyze data, that in sufficient amounts, allows for a replication of the original model’s output. It is relatively easy for hackers to essentially copy the machine learning algorithm and find ways to avoid it.
That’s why we recommend using a suite of algorithms so even if one is eluded by the hackers, the others still can provide protection.
Another concern for consumers is data exploitation. An increasing number of products we use, such as smart home devices, have features that make them vulnerable to data breaches. Consumers are often unaware of just how much data their appliances store or share. That’s why it’s imperative that we protect this data at every stage of the process.
Finding the right balance
As a technology company, we can only operate with consumer and public trust. How we safeguard consumer and organizational data has to be a primary consideration as we deploy new ways of using AI in the fight against cybercrime, particularly with the need to secure personal devices. That way we should ensure cybersecurity is always built around protecting people.
At the Mobile World Congress 2019, Microsoft CEO Satya Nadella stated, “We believe privacy is a fundamental human right. That’s why we prioritize cybersecurity, not just for the largest of companies, but for small businesses and consumers, who are often the most vulnerable to cyberattacks.” For this reason, we currently invest over $1B each year in data security.
There are also emerging methods of defense that are currently in the trial stages. Some of these include differential privacy systems, which implement randomness into data in order to avoid identification of an individual, or homomorphic encryption, which lets machine learning algorithms process data while it is still encrypted.
Traditional methods of cyber defense are inadequate in the face of imminent and increasingly complex cyberattacks. In the process of guarding themselves by engaging AI, it is also crucial for companies to ensure consumer privacy in the process. Achieving this balance may be challenging, but it’s ultimately worth it. It is time for organizations to view cybersecurity not as a cost, but as an asset, and as an opportunity to build trust with their stakeholders.